Splunk Observability Cloud Certified Metrics User — Question 29

The Lockheed Martin Cyber Kill Chain® breaks an attack lifecycle into several stages. A threat actor modified the registry on a compromised Windows system to ensure that their malware would automatically run at boot time. Into which phase of the Kill Chain would this fall?

Answer options

• A. Act on Objectives
• B. Exploitation
• C. Delivery
• D. Installation

Correct answer: D

Explanation

The correct answer is D, Installation, as this phase involves the malware being set up to run automatically, ensuring persistence on the system. The other options do not apply here: A, Act on Objectives, refers to the execution of the attack's goals; B, Exploitation, involves taking advantage of vulnerabilities; and C, Delivery, is the phase where the malware is transmitted to the target.